Attackers are exploiting Palo Alto Networks defect that initially flew under the radar
The escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning. The post Attackers are exploit...
NIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the ...
While NIST upgraded the bug to 9.1, experts say teams must focus more on how attackers can exploit this flaw to gain VPN access.
Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that ...
New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally res...
On May 4th, 2026, we received a submission for an Unauthenticated Privilege Escalation vulnerability in the Kirki WordPress plugin. Although the plugin has m...
Attackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can h...
Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers
Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the...
Insight has launched Insight Managed Exposure Defense, a managed security service designed to help organizations identify and address vulnerabilities. The se...
Cato Networks announced a new capability that reduces time-to-protect for newly disclosed vulnerabilities to 45 minutes. The company attributes this reductio...
pretalx XSS flaw lets attackers hijack conference organizer accounts, steal sessions, auto-accept talks, and demote admins. Patched in v2026.
Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where r...
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a rece...
Horizon3.ai has introduced Rapid Response, a capability that helps organizations assess exposure to newly disclosed threats, prioritize remediation, and veri...
Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Research...
A US federal watchdog has outlined how the National Institute of Standards and Technology (NIST) failed to effectively manage the growing backlog of unproces...
Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux syste...
CIFSwitch is a 19-year-old Linux logic bug turning forged CIFS auth keys into root. Affects Mint, CentOS, Rocky, Kali, SLES.
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Env...